Solved

How to Remove TR/Dropper.Gen Virus

Posted on 2013-01-03
5
1,100 Views
Last Modified: 2013-11-22
Hello,

I realised that my file server shares have all vanished. Checks revealled that the folders have become hidden and read-only and replacemenent exe's with the same name as the folders are not available instead.

My read around indicates this is Dropper virus or trojan. My antivirus program, Avira,  could not detect this virus.

I would like a step by step manual way of removing this virus and restoring the files and folders on my server to their original status.
0
Comment
Question by:it_gsr
5 Comments
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 38740199
Please check this link, edit registry at your own risk .
http://www.ehow.com/how_7308616_remove-tr_dropper-virus.html
0
 
LVL 3

Expert Comment

by:mi3er
ID: 38740204
Hm, intresting. Maybe it's new modification. http://www.avira.com/en/support-threats-description/tid/3647/tr_dropper.gen.html Is your avira updated?
Try this cleaner. Doesn'r required install http://www.freedrweb.com/download+cureit/
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 500 total points
ID: 38741267
@it_gsr,

I would advice you to scan the system with MalwareBytes and post the logs for further assistance on this issue. Make sure that you should run RogueKiller before you run MalwareBytes.

Further you should also check the User's systems which are connected to those shares, since those system would be infected as well.

Scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 

Author Comment

by:it_gsr
ID: 38743944
Sudeep

Followed the instructions and these are the logs.

I am yet to run step 3.

I notice that not long after the foldes are unidden by Roguekiller, the problem resurfaces. I assume it could be a user re-infecting the system.

Any way I can prevent reinfections?
RKreport-2--SC-01042013-02d0847.txt
mbam-log-2013-01-04--09-13-06-.txt
RKreport-1--S-01042013-02d0825.txt
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 38743973
Get a descent antivirus or internet security, I'm using Kaspersky Internet security and haven't had any virus at all even though I visit some infected sites intentionally but Kaspersky even checks the website that you visit for infection. and also downloads even if they are compressed in ZIP format.

Also you may want to set your server behind a strict firewall like Cisco, SonicWALL for hardware or pfsense, untangle iptable for Software firewalls.

I'm using pfsense over 25 servers with IP blocker for spammers and Snort for network intrusion detection.

If you just have one server then you can set it for both your server and clients as well.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now